Trojan APT hits DoD smart cards

A variant of the Sykipot Trojan Horse is able to hijack U.S. Dept. of Defense (DoD) smart cards in order to access restricted resources.

01/26/2012


ISSSourceA variant of the Sykipot Trojan Horse is able to hijack U.S. Dept. of Defense (DoD) smart cards in order to access restricted resources.

“We recently discovered a variant of Sykipot with some new, interesting features that allow it to effectively hijack DoD and Windows smart cards,” said Jaime Blasco, a security researcher at AlienVault. “This variant, which appears to have been compiled in March 2011, has been seen in dozens of attack samples from the past year.”

Smart cards interface with computers through a special reader. They use digital certificates and PIN codes for authentication purposes.

Sykipot commonly sees use in advanced persistent threat (APT) attacks. The Sykipot variant analyzed by AlienVault contains several commands to capture smart card information and use it to access secure resources, Blasco said.

One of the variant’s routines works with ActivIdentity ActivClient, an authentication software product compliant with DoD’s Common Access Card (CAC) specification.

The CAC enables access to DoD computers, networks, and certain facilities. It allows users to encrypt and digitally sign emails and it facilitates the use of public key infrastructure (PKI) for authentication purposes.

This Sykipot variant reads the smart card certificates registered on the victim’s computer, steals the card’s PIN number using a keylogger module and uses the information to log into protected resources, as long as the card remains inside the reader, Blasco said. In essence, it becomes a smart card proxy.

“While Trojans that have targeted smart cards are not new, there is obvious significance to the targeting of a particular smart card system in wide deployment by the U.S. DoD and other government agencies, particularly given the nature of the information the attackers seem to be targeting for exfiltration,” Blasco said.

Sykipot went out last month as part of an APT attack against companies from the telecommunications, manufacturing, computer hardware, chemical and defense industries. According to AlienVault, the Trojan’s main command and control servers are in China, although its creators will sometime use U.S.-based servers to route the stolen information in order to avoid detection.



No comments
Consulting-Specifying Engineer's Product of the Year (POY) contest is the premier award for new products in the HVAC, fire, electrical, and...
Consulting-Specifying Engineer magazine is dedicated to encouraging and recognizing the most talented young individuals...
The MEP Giants program lists the top mechanical, electrical, plumbing, and fire protection engineering firms in the United States.
High-performance buildings; Building envelope and integration; Electrical, HVAC system integration; Smoke control systems; Using BAS for M&V
Pressure piping systems: Designing with ASME; Lab ventilation; Lighting controls; Reduce energy use with VFDs
Smoke control: Designing for proper ventilation; Smart Grid Standard 201P; Commissioning HVAC systems; Boilers and boiler systems
Case Study Database

Case Study Database

Get more exposure for your case study by uploading it to the Consulting-Specifying Engineer case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.

These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.

Click here to visit the Case Study Database and upload your case study.

Protecting standby generators for mission critical facilities; Selecting energy-efficient transformers; Integrating power monitoring systems; Mitigating harmonics in electrical systems
Commissioning electrical systems in mission critical facilities; Anticipating the Smart Grid; Mitigating arc flash hazards in medium-voltage switchgear; Comparing generator sizing software
Integrating BAS, electrical systems; Electrical system flexibility; Hospital electrical distribution; Electrical system grounding
As brand protection manager for Eaton’s Electrical Sector, Tom Grace oversees counterfeit awareness...
Amara Rozgus is chief editor and content manager of Consulting-Specifier Engineer magazine.
IEEE power industry experts bring their combined experience in the electrical power industry...
Michael Heinsdorf, P.E., LEED AP, CDT is an Engineering Specification Writer at ARCOM MasterSpec.